Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Groovy is an agile and dynamic language for the Java Virtual Machine, builtupon Java with features inspired by languages like Python, Ruby, andSmalltalk. It seamlessly integrates with all existing Java objects andlibraries and compiles straight to Java bytecode so you can use it anywhereyou can use Java.

Security Fix(es):

* It was found that a flaw in Apache groovy library allows remote codeexecution wherever deserialization occurs in the application. It ispossible for an attacker to craft a special serialized object that willexecute code directly when deserialized. All applications which rely onserialization and do not isolate the code which deserializes objects aresubject to this vulnerability. (CVE-2016-6814)

4. Solution:

For details on how to apply this update, which includes the changesdescribed in this advisory, refer to: